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ABSTRACT 


The  sequrity  of  Information  Systems  is  the  important  direction  in  the  field  of  Computer  Science.  In  Kazakhstan 


were  3 International  Conference  on  Sequrity  Information  and  Protection  Information  Systems  in  2013  year,  2014  and  2015 
year  in  Astana. 
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INTRODUCTION 

Information  security  system  includes  all  the  components  of  the  information  infrastructure  described  in  this  project, 
and  ensures  the  confidentiality,  integrity  and  availability  of  information.  Information  security  system  ensures  safe 
operation  of  the  business  processes,  and  does  not  interfere  with  the  work  of  users  with  information  resources. 

Information  security  system  is  based  on  the  international  standard  for  information  security  ISO  17799  ("The  rules 
and  regulations  while  ensuring  the  security  of  information").  The  ISO  17799  provides  general  recommendations  on  the 
organization  of  information  security,  providing  a basic  level  of  security  of  information  systems,  typical  for  most 


This  standard  describes  the  issues  that  must  be  considered  when  designing  the  system  of  information  security,  and 
imposes  no  restrictions  on  the  use  of  specific  means  to  ensure  the  security  infrastructure  components.  The  ISO  17799 
contains  the  following  sections  describing  the  various  aspects  of  security  of  information  systems: 

• information  security  strategy  - describes  the  need  to  have  the  support  of  senior  management  by  adopting  a strategy 
of  information  security; 

• Organizational  issues  - makes  recommendations  on  the  form  of  the  organization,  for  the  optimum  implementation 
of  information  security  systems; 

• The  classification  of  information  resources  - describes  the  necessary  steps  to  ensure  the  security  of  information 
resources  and  data  carriers; 

• Human  Resource  Management  - describes  the  influence  of  the  human  factor  on  information  security  and  measures 
aimed  at  reducing  the  risk  involved; 

• physical  security  - describes  measures  to  ensure  the  physical  safety  of  the  components  of  the  information 
infrastructure; 

• Administration  of  information  systems  - describes  the  main  aspects  of  safety  at  work  with  servers,  workstations, 


organizations. 
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and  other  information  systems; 

• Access  control  - describes  the  need  for  a clear  division  of  rights  and  responsibilities  when  dealing  with 
information; 

• Development  and  maintenance  of  information  systems  - describes  the  basic  mechanisms  to  ensure  the  security  of 
information  systems; 

• Business  Continuity  - describes  measures  to  ensure  the  continuous  operation  of  the  organizations; 

• Ensuring  compliance  with  the  requirements  - describes  the  general  requirements  for  information  security  systems 
and  measures  for  verifying 

compliance  with  information  security  systems  to  these  requirements 

The  choice  of  measures  and  means  of  information  security  is  based  on  analysis  of  the  risks  to  the  components  of 
the  information  infrastructure.  The  criteria  for  information  security  are  confidentiality,  integrity  and  availability  of  its 
information  resources.  The  loss  of  any  of  the  above  qualities  of  the  information  must  be  regarded  as  a breach  of 
information  security. 

Risk  analysis  and  structure  of  violations  of  information  security  Information  security  system  provides  for  the 
protection  of  information  infrastructure  components  of  the  security  risks  of  IT  resources  and  related  IT  services. 
Information  security  system  is  an  integrated  set  of  administrative  measures  and  the  software  and  hardware  to  ensure  the 
safety  of  information  resources.  To  implement  information  security  system  is  an  important  component  part  of  the 
administrative  system,  which  includes: 

• the  process  of  information  security  included  in  the  system  of  administration  and  provides  control  over  the 
functioning  of  the  system  of  information  security  (see.  Section  SA  of  the  project); 

• information  security  policy,  which  defines  the  basic  provisions  and  the  scope  of  information  security  systems; 

• Use  the  security  policy  information  services  which  define  the  specific  security  requirements  of  information 
security  infrastructure  components; 

• procedures  to  ensure  security  policies  that  describe  the  means  and  measures  for  implementation  of  the 
requirements  of  security  policies  and  monitoring  their  implementation  (developed  on  the  stage  of  the  information 
security  system). 

• procedures  to  ensure  security  policies  that  describe  the  means  and  measures  for  implementation  of  the 
requirements  of  security  policies  and  monitoring  their  implementation  (developed  on  the  stage  of  the  information 
security  system). 

Policies  and  procedures  for  information  security  protect  the  information  infrastructure  of  the  IT  risks  by 
implementing  appropriate  countermeasures. 

An  integral  part  of  the  information  security  system  is  a system  for  ensuring  continuity  of  the  business,  which 
includes  issues  related  to  recovery  and  business  continuity. 
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TRIALS  GARTNER  IN  THE  FIELD  OF  NETWORK  INFRASTRUCTUR 

At  the  time  of  an  application  SPECTRUM  Security  Manager  president  Aprisma  Management  Technologies 
Skyubits  Mike  (Mike  Skubisz)  spoke  about  this  in  an  open  letter  that  was  published  in  a study  by  Gartner,  and  dedicated 
issues  of  information  protection  (http://www.gartner.com/webletter/aprisma/index.html).  President  of  Aprisma  described 
the  new  product  as  innovative  solution,  which  is  an  extension  of  architecture  SPECTRUM  Service  Level  IntelligenceTM 
provides  intelligent  information  infrastructure. 

BUILDING  A VIRTUAL  TEAM 

Temporary  employees  were  selected  on  the  basis  of  the  importance  of  their  role  in  the  enterprise  business  and  the 
impact  of  security  breaches.  Units  with  the  security  groups  met  the  primary  resource,  because  their  staff  has  a wide  range 
of  technical  skills  that  are  associated  with  sequrity.  The  concept  of  a virtual  team  prevailed,  because  part-time  employees 
CIRT  and  their  backups  were  located  party  in  American  cities.  To  assist  partners  in  participating  in  this  virtual  group 
between  the  group  responsible  for  the  coordination  and  sequrity  architecture  the  rest  of  the  agreements  were  concluded. 
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